FBI held onto REvil decryptor for weeks before sharing with victims


In a strange turn of events, it has emerged that the FBI had managed to get hold of REvil’s universal ransomware decryptor key three weeks before sharing it with victims.

Although the agency has not officially confirmed the claims, an anonymous source told the Washington Post (WP) that the FBI withheld the keys so as to not tip off REvil. 

“The questions we ask each time are: What would be the value of a key if disclosed? How many victims are there? Who could be helped? And on the flip side, what would be the value of a potential longer-term operation in disrupting an ecosystem? Those are the questions we will continue to have to balance,” reasoned the unnamed source. 


It appears the FBI was gearing up to launch a campaign to take down the notorious ransomware operation. However, before the agency could make a move, REvil pulled the plug on its operations of its own accord.

My precious

The reports come after cybersecurity firm Bitdefender recently released a universal decryptor for REvil victims, claiming to have made it together with a “trusted law enforcement partner” that it failed to identify.

Interestingly, the existence of a universal decryptor was first shared by a REvil representative, after the gang suddenly decided to get back into action after staying offline for nearly two months.

“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine,” wrote REvil’s new representative in a Russian-language post translated by security researchers at Flashpoint.

Flashpoint researchers have observed REvil trying to rebuild its reputation with former collaborators, who weren’t pleased with its sudden disappearance, prompting security researchers to urge clients to brace for a new round of REvil attacks.

Via Washington Post

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.